From d400fce651ca9c8e3bb3a69518ef86011a48f332 Mon Sep 17 00:00:00 2001
From: cad-safe-bot
Date: Thu, 30 May 2024 12:03:30 +0000
Subject: [PATCH] Auto-Update: 2024-05-30T12:00:38.282572+00:00
---
CVE-2022/CVE-2022-333xx/CVE-2022-33324.json | 164 ++++++++++----------
CVE-2024/CVE-2024-35xx/CVE-2024-3583.json | 47 ++++++
CVE-2024/CVE-2024-360xx/CVE-2024-36014.json | 10 +-
CVE-2024/CVE-2024-360xx/CVE-2024-36016.json | 14 +-
CVE-2024/CVE-2024-44xx/CVE-2024-4427.json | 4 +
CVE-2024/CVE-2024-46xx/CVE-2024-4668.json | 63 ++++++++
CVE-2024/CVE-2024-53xx/CVE-2024-5326.json | 55 +++++++
README.md | 23 +--
_state.csv | 21 +--
9 files changed, 297 insertions(+), 104 deletions(-)
create mode 100644 CVE-2024/CVE-2024-35xx/CVE-2024-3583.json
create mode 100644 CVE-2024/CVE-2024-46xx/CVE-2024-4668.json
create mode 100644 CVE-2024/CVE-2024-53xx/CVE-2024-5326.json
diff --git a/CVE-2022/CVE-2022-333xx/CVE-2022-33324.json b/CVE-2022/CVE-2022-333xx/CVE-2022-33324.json
index cbad4a77a36..0a8d36365c4 100644
--- a/CVE-2022/CVE-2022-333xx/CVE-2022-33324.json
+++ b/CVE-2022/CVE-2022-333xx/CVE-2022-33324.json
@@ -2,12 +2,12 @@ "id": "CVE-2022-33324", "sourceIdentifier": "Mitsubishielectric.Psirt@yd.MitsubishiElectric.co.jp", "published": "2022-12-23T03:15:08.723", - "lastModified": "2023-12-13T05:15:07.773", + "lastModified": "2024-05-30T10:15:08.703", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", - "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW all versions allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. A system reset of the module is required for recovery." + "value": "Improper Resource Shutdown or Release vulnerability in Mitsubishi Electric Corporation MELSEC iQ-R Series R00/01/02CPU Firmware versions \"32\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions \"65\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R08/16/32/120SFCPU Firmware versions \"29\" and prior, Mitsubishi Electric Corporation MELSEC iQ-R Series R12CCPU-V Firmware versions \"17\" and prior, Mitsubishi Electric Corporation MELSEC iQ-L Series L04/08/16/32HCPU all versions and Mitsubishi Electric Corporation MELIPC Series MI5122-VW Firmware versions \"07\" and prior allows a remote unauthenticated attacker to cause a Denial of Service condition in Ethernet communication on the module by sending specially crafted packets. 
A system reset of the module is required for recovery." }, { "lang": "es", @@ -89,10 +89,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "33.0", - "matchCriteriaId": "EFC979CD-10C3-400C-A7EA-9E9B3637E1D7" + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "FC6B7E9C-C56C-4452-9A8A-3E8BF51ED354" } ] }, @@ -101,9 +100,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r00_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "FC6B7E9C-C56C-4452-9A8A-3E8BF51ED354" + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r00_cpu_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "33.0", + "matchCriteriaId": "EFC979CD-10C3-400C-A7EA-9E9B3637E1D7" } ] } @@ -112,6 +112,17 @@ { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "560D6AFE-4CDC-40D0-8C35-6749375B9B3C" + } + ] + }, { "operator": "OR", "negate": false, @@ -123,23 +134,23 @@ "matchCriteriaId": "7E13BF4F-3D5A-4FAD-BCD8-7261920AE06F" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r01_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "560D6AFE-4CDC-40D0-8C35-6749375B9B3C" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "E4D5746A-B9BC-4A4C-AF09-D2B16D54BF4D" + } + ] + }, { "operator": "OR", "negate": false, 
@@ -151,23 +162,23 @@ "matchCriteriaId": "60BEF351-E337-4302-8D82-E90B2834370F" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r02_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "E4D5746A-B9BC-4A4C-AF09-D2B16D54BF4D" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "DA6B52DA-0EF4-46BF-A36D-92F717F70987" + } + ] + }, { "operator": "OR", "negate": false, @@ -179,23 +190,23 @@ "matchCriteriaId": "0B733AD2-E857-47F4-89D5-A8F8B45F4A52" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r04_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "DA6B52DA-0EF4-46BF-A36D-92F717F70987" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CF4496AD-1EFC-4B1D-8122-799FA34B40CB" + } + ] + }, { "operator": "OR", "negate": false, @@ -207,23 +218,23 @@ "matchCriteriaId": "94D88549-B35E-4E27-84D1-3A828604BAED" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r08_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CF4496AD-1EFC-4B1D-8122-799FA34B40CB" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "CA42D2F8-7856-4983-8FA9-0421E039AE8C" + } + ] + }, { "operator": "OR", "negate": false, 
@@ -235,23 +246,23 @@ "matchCriteriaId": "64A9C5A6-401D-4E28-A0DB-0BCD84B4E62B" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r16_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "CA42D2F8-7856-4983-8FA9-0421E039AE8C" - } - ] } ] }, { "operator": "AND", "nodes": [ + { + "operator": "OR", + "negate": false, + "cpeMatch": [ + { + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "46D73C1A-3B81-4E81-A56D-0A75CEA4F92C" + } + ] + }, { "operator": "OR", "negate": false, @@ -263,17 +274,6 @@ "matchCriteriaId": "3F397671-FF15-45B0-8CEE-BC807B402019" } ] - }, - { - "operator": "OR", - "negate": false, - "cpeMatch": [ - { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r32_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "46D73C1A-3B81-4E81-A56D-0A75CEA4F92C" - } - ] } ] }, @@ -285,10 +285,9 @@ "negate": false, "cpeMatch": [ { - "vulnerable": true, - "criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*", - "versionEndExcluding": "66.0", - "matchCriteriaId": "4F2250E2-BDB4-4D12-BE4A-9BFBE83736D6" + "vulnerable": false, + "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*", + "matchCriteriaId": "3EB4326B-B4F4-40DD-8220-204D490FFB38" } ] }, @@ -297,9 +296,10 @@ "negate": false, "cpeMatch": [ { - "vulnerable": false, - "criteria": "cpe:2.3:h:mitsubishi:melsec_iq-r_r120_cpu:-:*:*:*:*:*:*:*", - "matchCriteriaId": "3EB4326B-B4F4-40DD-8220-204D490FFB38" + "vulnerable": true, + "criteria": "cpe:2.3:o:mitsubishi:melsec_iq-r_r120_cpu_firmware:*:*:*:*:*:*:*:*", + "versionEndExcluding": "66.0", + "matchCriteriaId": "4F2250E2-BDB4-4D12-BE4A-9BFBE83736D6" } ] } diff --git a/CVE-2024/CVE-2024-35xx/CVE-2024-3583.json b/CVE-2024/CVE-2024-35xx/CVE-2024-3583.json new file mode 100644 index 00000000000..6ee492f8736 --- /dev/null +++ b/CVE-2024/CVE-2024-35xx/CVE-2024-3583.json 
@@ -0,0 +1,47 @@ +{ + "id": "CVE-2024-3583", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-30T11:15:30.753", + "lastModified": "2024-05-30T11:15:30.753", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Simple Like Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Secondary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/changeset/3092346/simple-facebook-plugin/trunk?contextall=1&old=3051436&old_path=%2Fsimple-facebook-plugin%2Ftrunk", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/070f6820-e70c-4325-b5cb-d2010da34dce?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36014.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36014.json index 09781bf4937..036ee79a927 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36014.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36014.json 
@@ -2,7 +2,7 @@ "id": "CVE-2024-36014", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-29T07:15:10.177", - "lastModified": "2024-05-29T13:02:09.280", + "lastModified": "2024-05-30T10:15:09.933", "vulnStatus": "Awaiting Analysis", "descriptions": [ { @@ -16,9 +16,17 @@ ], "metrics": {}, "references": [ + { + "url": "https://git.kernel.org/stable/c/93f76ec1eddce60dbb5885cbc0d7df54adee4639", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, { "url": "https://git.kernel.org/stable/c/a1f95aede6285dba6dd036d907196f35ae3a11ea", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b77620730f614059db2470e8ebab3e725280fc6d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-360xx/CVE-2024-36016.json b/CVE-2024/CVE-2024-360xx/CVE-2024-36016.json index 34e7b1e4d29..1f0bbe7e647 100644 --- a/CVE-2024/CVE-2024-360xx/CVE-2024-36016.json +++ b/CVE-2024/CVE-2024-360xx/CVE-2024-36016.json 
@@ -2,12 +2,16 @@ "id": "CVE-2024-36016", "sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "published": "2024-05-29T19:15:48.297", - "lastModified": "2024-05-29T19:50:25.303", + "lastModified": "2024-05-30T10:15:10.097", "vulnStatus": "Awaiting Analysis", "descriptions": [ { "lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\ntty: n_gsm: fix possible out-of-bounds in gsm0_receive()\n\nAssuming the following:\n- side A configures the n_gsm in basic option mode\n- side B sends the header of a basic option mode frame with data length 1\n- side A switches to advanced option mode\n- side B sends 2 data bytes which exceeds gsm->len\n Reason: gsm->len is not used in advanced option mode.\n- side A switches to basic option mode\n- side B keeps sending until gsm0_receive() writes past gsm->buf\n Reason: Neither gsm->state nor gsm->len have been reset after\n reconfiguration.\n\nFix this by changing gsm->count to gsm->len comparison from equal to less\nthan. Also add upper limit checks against the constant MAX_MRU in\ngsm0_receive() and gsm1_receive() to harden against memory corruption of\ngsm->len and gsm->mru.\n\nAll other checks remain as we still need to limit the data according to the\nuser configuration and actual payload size." + }, + { + "lang": "es", + "value": "En el kernel de Linux se ha resuelto la siguiente vulnerabilidad: tty: n_gsm: corrige posibles fuera de los l\u00edmites en gsm0_receive() Suponiendo lo siguiente: - el lado A configura el n_gsm en modo de opci\u00f3n b\u00e1sica - el lado B env\u00eda el encabezado de un mensaje b\u00e1sico trama del modo de opci\u00f3n con longitud de datos 1 - el lado A cambia al modo de opci\u00f3n avanzada - el lado B env\u00eda 2 bytes de datos que exceden gsm->len Motivo: gsm->len no se usa en el modo de opci\u00f3n avanzada. 
- el lado A cambia al modo de opci\u00f3n b\u00e1sica - el lado B contin\u00faa enviando hasta que gsm0_receive() escribe m\u00e1s all\u00e1 de gsm->buf Motivo: Ni gsm->state ni gsm->len se han restablecido despu\u00e9s de la reconfiguraci\u00f3n. Solucione este problema cambiando gsm->count a gsm->len comparaci\u00f3n de igual a menor que. Tambi\u00e9n agregue comprobaciones de l\u00edmite superior contra la constante MAX_MRU en gsm0_receive() y gsm1_receive() para proteger contra la corrupci\u00f3n de memoria de gsm->len y gsm->mru. Todas las dem\u00e1s comprobaciones permanecen, ya que todav\u00eda necesitamos limitar los datos seg\u00fan la configuraci\u00f3n del usuario y el tama\u00f1o real del payload." } ], "metrics": {}, @@ -15,6 +19,14 @@ { "url": "https://git.kernel.org/stable/c/47388e807f85948eefc403a8a5fdc5b406a65d5a", "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/b890d45aaf02b564e6cae2d2a590f9649330857d", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" + }, + { + "url": "https://git.kernel.org/stable/c/f126ce7305fe88f49cdabc6db4168b9318898ea3", + "source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67" } ] } \ No newline at end of file diff --git a/CVE-2024/CVE-2024-44xx/CVE-2024-4427.json b/CVE-2024/CVE-2024-44xx/CVE-2024-4427.json index c69dd019f8c..d7890e0d3c9 100644 --- a/CVE-2024/CVE-2024-44xx/CVE-2024-4427.json +++ b/CVE-2024/CVE-2024-44xx/CVE-2024-4427.json 
@@ -8,6 +8,10 @@ { "lang": "en", "value": "The Comparison Slider plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions in all versions up to, and including, 1.0.5. This makes it possible for authenticated attackers, with subscriber access or above, to change plugin settings and perform other actions such deleting sliders." + }, + { + "lang": "es", + "value": "El complemento Comparison Slider para WordPress es vulnerable a modificaciones no autorizadas de datos debido a una falta de verificaci\u00f3n de capacidad en varias acciones AJAX en todas las versiones hasta la 1.0.5 incluida. Esto hace posible que atacantes autenticados, con acceso de suscriptor o superior, cambien la configuraci\u00f3n del complemento y realicen otras acciones, como eliminar controles deslizantes." } ], "metrics": { diff --git a/CVE-2024/CVE-2024-46xx/CVE-2024-4668.json b/CVE-2024/CVE-2024-46xx/CVE-2024-4668.json new file mode 100644 index 00000000000..48659f2d435 --- /dev/null +++ b/CVE-2024/CVE-2024-46xx/CVE-2024-4668.json 
@@ -0,0 +1,63 @@ +{ + "id": "CVE-2024-4668", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-30T10:15:10.180", + "lastModified": "2024-05-30T10:15:10.180", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page." + }, + { + "lang": "es", + "value": "El complemento Gum Elementor Addon para WordPress es vulnerable a Cross-Site Scripting Almacenado a trav\u00e9s de los widgets de tabla de precios y control deslizante de publicaciones en todas las versiones hasta la 1.3.4 incluida debido a una sanitizaci\u00f3n de entrada insuficiente y a un escape de salida en los atributos proporcionados por el usuario. Esto hace posible que atacantes autenticados, con acceso de nivel de colaborador y superior, inyecten scripts web arbitrarios en p\u00e1ginas que se ejecutar\u00e1n cada vez que un usuario acceda a una p\u00e1gina inyectada." 
+ } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "CHANGED", + "confidentialityImpact": "LOW", + "integrityImpact": "LOW", + "availabilityImpact": "NONE", + "baseScore": 6.4, + "baseSeverity": "MEDIUM" + }, + "exploitabilityScore": 3.1, + "impactScore": 2.7 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/post_slider.php#L2353", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/gum-elementor-addon/trunk/widgets/pricetable.php#L2013", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3093511/#file48", + "source": "security@wordfence.com" + }, + { + "url": "https://wordpress.org/plugins/gum-elementor-addon/#developers", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8b4effc8-7b24-4a6c-a161-176a22de6d6a?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file diff --git a/CVE-2024/CVE-2024-53xx/CVE-2024-5326.json b/CVE-2024/CVE-2024-53xx/CVE-2024-5326.json new file mode 100644 index 00000000000..06a9085ab1b --- /dev/null +++ b/CVE-2024/CVE-2024-53xx/CVE-2024-5326.json 
@@ -0,0 +1,55 @@ +{ + "id": "CVE-2024-5326", + "sourceIdentifier": "security@wordfence.com", + "published": "2024-05-30T11:15:30.970", + "lastModified": "2024-05-30T11:15:30.970", + "vulnStatus": "Received", + "descriptions": [ + { + "lang": "en", + "value": "The Post Grid Gutenberg Blocks and WordPress Blog Plugin \u2013 PostX plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postx_presets_callback' function in all versions up to, and including, 4.1.2. This makes it possible for authenticated attackers, with Contributor-level access and above, to change arbitrary options on affected sites. This can be used to enable new user registration and set the default role for new users to Administrator." + } + ], + "metrics": { + "cvssMetricV31": [ + { + "source": "security@wordfence.com", + "type": "Primary", + "cvssData": { + "version": "3.1", + "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", + "attackVector": "NETWORK", + "attackComplexity": "LOW", + "privilegesRequired": "LOW", + "userInteraction": "NONE", + "scope": "UNCHANGED", + "confidentialityImpact": "HIGH", + "integrityImpact": "HIGH", + "availabilityImpact": "HIGH", + "baseScore": 8.8, + "baseSeverity": "HIGH" + }, + "exploitabilityScore": 2.8, + "impactScore": 5.9 + } + ] + }, + "references": [ + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-post/trunk/classes/Styles.php#L160", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/browser/ultimate-post/trunk/classes/Styles.php#L177", + "source": "security@wordfence.com" + }, + { + "url": "https://plugins.trac.wordpress.org/changeset/3093815/", + "source": "security@wordfence.com" + }, + { + "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07a3db33-3787-4b63-835d-8e3026206842?source=cve", + "source": "security@wordfence.com" + } + ] +} \ No newline at end of file 
diff --git a/README.md b/README.md index e9577e18cc4..aff1b763fe7 100644 --- a/README.md +++ b/README.md @@ -13,13 +13,13 @@ Repository synchronizes with the NVD every 2 hours. ### Last Repository Update ```plain -2024-05-30T10:00:38.053384+00:00 +2024-05-30T12:00:38.282572+00:00 ``` ### Most recent CVE Modification Timestamp synchronized with NVD ```plain -2024-05-30T09:15:10.453000+00:00 +2024-05-30T11:15:30.970000+00:00 ``` ### Last Data Feed Release 
@@ -33,25 +33,26 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/ ### Total Number of included CVEs ```plain -252104 +252107 ``` ### CVEs added in the last Commit -Recently added CVEs: `6` +Recently added CVEs: `3` -- [CVE-2024-2089](CVE-2024/CVE-2024-20xx/CVE-2024-2089.json) (`2024-05-30T09:15:09.360`) -- [CVE-2024-2657](CVE-2024/CVE-2024-26xx/CVE-2024-2657.json) (`2024-05-30T09:15:09.583`) -- [CVE-2024-4355](CVE-2024/CVE-2024-43xx/CVE-2024-4355.json) (`2024-05-30T09:15:09.790`) -- [CVE-2024-4422](CVE-2024/CVE-2024-44xx/CVE-2024-4422.json) (`2024-05-30T09:15:10.020`) -- [CVE-2024-4426](CVE-2024/CVE-2024-44xx/CVE-2024-4426.json) (`2024-05-30T09:15:10.230`) -- [CVE-2024-4427](CVE-2024/CVE-2024-44xx/CVE-2024-4427.json) (`2024-05-30T09:15:10.453`) +- [CVE-2024-3583](CVE-2024/CVE-2024-35xx/CVE-2024-3583.json) (`2024-05-30T11:15:30.753`) +- [CVE-2024-4668](CVE-2024/CVE-2024-46xx/CVE-2024-4668.json) (`2024-05-30T10:15:10.180`) +- [CVE-2024-5326](CVE-2024/CVE-2024-53xx/CVE-2024-5326.json) (`2024-05-30T11:15:30.970`) ### CVEs modified in the last Commit -Recently modified CVEs: `0` +Recently modified CVEs: `4` +- [CVE-2022-33324](CVE-2022/CVE-2022-333xx/CVE-2022-33324.json) (`2024-05-30T10:15:08.703`) +- [CVE-2024-36014](CVE-2024/CVE-2024-360xx/CVE-2024-36014.json) (`2024-05-30T10:15:09.933`) +- [CVE-2024-36016](CVE-2024/CVE-2024-360xx/CVE-2024-36016.json) (`2024-05-30T10:15:10.097`) +- [CVE-2024-4427](CVE-2024/CVE-2024-44xx/CVE-2024-4427.json) (`2024-05-30T09:15:10.453`) ## Download and Usage diff --git a/_state.csv b/_state.csv index 308d70749c3..b8d91296e29 100644 --- a/_state.csv +++ b/_state.csv 
@@ -200726,7 +200726,7 @@ CVE-2022-33320,0,0,499d71c29fcbb1dac93bce0266b9a510f343ff995df72ef6f04466f578337 CVE-2022-33321,0,0,28ded79bb837eabe6c9c9ff3c9367147e43b5edcf3e8d006a45278113ad8d9ea,2023-10-26T06:15:07.963000 CVE-2022-33322,0,0,1ffe7c5a4e541fb2cab5481ebf644de030cb88e02a602fb18674a12630d749e2,2023-10-26T06:15:09.297000 CVE-2022-33323,0,0,111449fd702099ac464ad28ad331b874fb3fd63b6b2fb7c864fdcc6f51ca1b11,2023-07-21T19:22:23.673000 -CVE-2022-33324,0,0,7a954e465ea1d3bdff69c277d7b77a912583f3759887a790877bee5bb5891305,2023-12-13T05:15:07.773000 +CVE-2022-33324,0,1,19a203fa2ea8850bb0c46cc638382e638f2609764a6d808a58bb1eda26e86f7d,2024-05-30T10:15:08.703000 CVE-2022-33325,0,0,254a6e510adf83bba23c99082d51ab17324c91f3b818947bff593316a6a19c04,2022-07-12T20:01:30.937000 CVE-2022-33326,0,0,ae4f390450a32f40e28e2996d0e5c3dd06238a1acc63627e6fca82012f548b75,2022-07-12T20:02:29.537000 CVE-2022-33327,0,0,2c7981e88e6bfda8de92bead49c92762ed970ac6c2474c1c957188173d84e437,2022-07-12T20:03:25.853000 @@ -242268,7 +242268,7 @@ CVE-2024-20870,0,0,247de2e7cb6c1589f56f1a1780b91fbe4feee02648b4f01650496931882d0 CVE-2024-20871,0,0,4b5019addc2549a143f67a36860f5a0576db2a31268cf1be920df7487aeaeae8,2024-05-07T13:39:32.710000 CVE-2024-20872,0,0,f057840a1e0e70ef07c9af92e3c53b5e58e8fd31ea1c15cdb3fe23cd840da357,2024-05-07T13:39:32.710000 CVE-2024-2088,0,0,f74da5d889e7e80f73938a7b2b74d368f377afb5dd4c7ba942f0bc91c7b57a42,2024-05-22T12:46:53.887000 -CVE-2024-2089,1,1,04303588d18a031cf1ce06bb4b4adaceaba7e8f80aebcb91a491ab3bfd9da3bd,2024-05-30T09:15:09.360000 +CVE-2024-2089,0,0,04303588d18a031cf1ce06bb4b4adaceaba7e8f80aebcb91a491ab3bfd9da3bd,2024-05-30T09:15:09.360000 CVE-2024-20903,0,0,c3900fb8b8bb00a3ce86bfd5ca527fde9099622f71073bff3bcad70680bf3f2d,2024-02-20T19:51:05.510000 CVE-2024-20904,0,0,75011684a257ea742330251f679f71917299c125d35b4c6d39df6fddd4b69f37,2024-01-20T18:42:09.760000 CVE-2024-20905,0,0,9331a8e493544ea842bda306a367f01093664d68b881f6092eb05338afffb388,2024-02-20T19:51:05.510000 
@@ -245613,7 +245613,7 @@ CVE-2024-26557,0,0,413b34482d1eed582f272b955524fa71f7b68414d25ad46ae764ef2e2b341 CVE-2024-26559,0,0,32dd037e107446e11601c6ddb83598fc34f3ebdb48b667f29294eba708b9e4c1,2024-02-29T13:49:47.277000 CVE-2024-2656,0,0,4340d2751b5b936977156d3c9b66d1badc283b5d0363629845c954a91d88c161,2024-04-08T18:49:25.863000 CVE-2024-26566,0,0,e082212a38f258b5c22bdd7daa5a29191a5e851b4c959cb2f66848d27d20d8bb,2024-03-07T13:52:27.110000 -CVE-2024-2657,1,1,43e31a0101d31e47d981996d8f58d262e31203e3c6d7fb9f0ccc7599d20872e4,2024-05-30T09:15:09.583000 +CVE-2024-2657,0,0,43e31a0101d31e47d981996d8f58d262e31203e3c6d7fb9f0ccc7599d20872e4,2024-05-30T09:15:09.583000 CVE-2024-26574,0,0,dcbd7ef017b2c94376d84166225aa21f7faefc7d209424b74f38bdb42fbf0b3e,2024-04-08T18:48:40.217000 CVE-2024-26577,0,0,eb994672bf510d158b4978f43b0d7e0594f22405d228a7c909ba4da4498cc451,2024-03-27T12:29:30.307000 CVE-2024-26578,0,0,631d617cd0985d9923eed32b0cb4b9e9025809830b6a3ca2ef1a468d4f2a7124,2024-02-22T19:07:27.197000 @@ -250747,6 +250747,7 @@ CVE-2024-35826,0,0,4c261153797f68de52fdcebcc39b483e62e8771137014b7942ef4517c0aad CVE-2024-35827,0,0,00fd5dbd49fdc15bfa820083a1ec906c035d4389cda7bf080f47e1390b623c3b,2024-05-17T18:35:35.070000 CVE-2024-35828,0,0,0ea21dd7c35e46f8b0d57d6daa6e413a2e458755547c8c147cd86515e9182627,2024-05-17T18:35:35.070000 CVE-2024-35829,0,0,c44ba0936af3a1fe5f7f3010480ec8dc69b0eee81bd82ca1410c50c6b6f9be29,2024-05-17T18:35:35.070000 +CVE-2024-3583,1,1,9a1377ec35dd49cc8e82f8778bef54a445c5b7fa0dc0b75b168f6ac24953cdaa,2024-05-30T11:15:30.753000 CVE-2024-35830,0,0,27720d3ad7228327ffbabcc4a70b76a4361939f13eb9a2c9b3ea225d096090a1,2024-05-17T18:35:35.070000 CVE-2024-35831,0,0,e476f255cbb35863c228cc39c24f005e09dc45755deb9bdbd505cd7895bb3e9a,2024-05-17T18:35:35.070000 CVE-2024-35832,0,0,709a0d9725aa8f275cb6f1989d983aa9dd4d602053632c653ca286db26420caa,2024-05-17T18:35:35.070000 
@@ -250941,9 +250942,9 @@ CVE-2024-36010,0,0,2843e205b9e9b17b5fb3357cdae71842164efb1f33700d0fc205102dad316 CVE-2024-36011,0,0,abd5638cc1cfdef36e14f7c96bf2fc845d42601d602cfe73690b22754ed47103,2024-05-24T01:15:30.977000 CVE-2024-36012,0,0,99a87dfc7b0fc5371c51d11442e2aebe0c642c881f6f8e57147716a4b47febdf,2024-05-24T01:15:30.977000 CVE-2024-36013,0,0,1251c8e9d1d9ec0619ca01193822062d3235b343811763ddc34f761263e594d9,2024-05-25T15:15:09.070000 -CVE-2024-36014,0,0,b6dffe7dd5d49e6c455d61bd69e42c3b33c1276b626b1237429dc86dd78ceace,2024-05-29T13:02:09.280000 +CVE-2024-36014,0,1,1922b965079a53cde5f717f7b1a8cb792e11164c2920130d615fa0dfe42bb30f,2024-05-30T10:15:09.933000 CVE-2024-36015,0,0,c676b04ddfbe829445e8e45bfa3044e066037deb72244113c6ca52d7d6f2368e,2024-05-29T13:02:09.280000 -CVE-2024-36016,0,0,45b87cfc90b298e93c94b5bdecadfc7558dd74ffeb5098257ca61701c740b3ba,2024-05-29T19:50:25.303000 +CVE-2024-36016,0,1,1684099a094b5c97320b576aebacd3ba01d417868148b89dbe3ba2098bbf6f94,2024-05-30T10:15:10.097000 CVE-2024-36036,0,0,399529c38d111e737eeb859298f0b12af936846a2a63555a4e1fd24103a1ae63,2024-05-28T12:39:28.377000 CVE-2024-36037,0,0,0f6f02ecbfa932c634fa472570a56c7201914f9b8fefa1f5fa9e003f7709a6de,2024-05-28T12:39:28.377000 CVE-2024-36039,0,0,a8363180f0299206d54e6558901cb5cddfc68c9874309661faf6b2f8a76377e4,2024-05-21T16:53:56.550000 
@@ -251504,7 +251505,7 @@ CVE-2024-4348,0,0,22aaa400d6ceaa55fdbf2a61503102f340b638c070cbc3ffa22198dc497008 CVE-2024-4349,0,0,d7cb391ad6a3595c020e400bfefef3bf14b6d8b75d9701c79688eb2693bdea7a,2024-05-17T02:40:23.273000 CVE-2024-4351,0,0,84a993fcb461a8c61255d21736701361dc3f453bf42043de26320f65ada00121,2024-05-16T13:03:05.353000 CVE-2024-4352,0,0,ec2049b13794d7b7eea90d377463d8f5c3179de2c6e69d57554c5eced6269751,2024-05-16T13:03:05.353000 -CVE-2024-4355,1,1,d2fa6823bc87ebd0bba63bc6d2ca2e71e0e514f99427d4276bc7ca2f53406c1c,2024-05-30T09:15:09.790000 +CVE-2024-4355,0,0,d2fa6823bc87ebd0bba63bc6d2ca2e71e0e514f99427d4276bc7ca2f53406c1c,2024-05-30T09:15:09.790000 CVE-2024-4356,0,0,665552b3e35c87b19e637f12854b443eebf7cafcbb889598a1c642b7847de2a5,2024-05-30T05:15:56.540000 CVE-2024-4357,0,0,15f39a23a70c5acc3d08c2f81b16ef69b06f28ee37422807405e1ad546411072,2024-05-15T18:35:11.453000 CVE-2024-4358,0,0,c8f40930fe3c6733bdba3289823c127651958d0def91c99c5ae0c8d826a9824a,2024-05-29T15:18:26.427000 
@@ -251541,12 +251542,12 @@ CVE-2024-4417,0,0,56d1a7db112c78a6a4f4098b6b92b23b4d7cd4e314ee26ae65a28dbbe4d864 CVE-2024-4418,0,0,b75df24fbcd879bc4a65285c93bd33dc1c31ae502a7b108d2ac08220fcbe0dd6,2024-05-08T13:15:00.690000 CVE-2024-4419,0,0,e2d8f545d71f8d9558ae0290474349668dafdd9730a778cdbbf911c6b4cf5157,2024-05-29T13:02:09.280000 CVE-2024-4420,0,0,9b75921df8e16106b48e4c0d4f1fc07ba699b6ee751657d557cf95a2815ddc11,2024-05-21T12:37:59.687000 -CVE-2024-4422,1,1,6dc84d656f1dddcd846bcb6b7e7dc21ff255771c2496923c559756e482fcde32,2024-05-30T09:15:10.020000 +CVE-2024-4422,0,0,6dc84d656f1dddcd846bcb6b7e7dc21ff255771c2496923c559756e482fcde32,2024-05-30T09:15:10.020000 CVE-2024-4423,0,0,e0dbe4a46d2bfb02a06f5f6dd7941b892a0e354e08a517bf9732a9750b61686d,2024-05-14T16:11:39.510000 CVE-2024-4424,0,0,620360b6d69d7e46500e9eab3db8f094f558ee3037a5afde7000ad6722a43c71,2024-05-14T16:11:39.510000 CVE-2024-4425,0,0,ae12578d88becb8c756d759ea5148419b194091165c0ac35427c779bf68bf797,2024-05-14T16:11:39.510000 -CVE-2024-4426,1,1,fcdabd2a44cd47a056797b86f61b706edababe03d7e01f46cb584c5d92b373a2,2024-05-30T09:15:10.230000 -CVE-2024-4427,1,1,666449d0e69c513e659e625aa0c074e59cf1a29b8c07dafbf424b20bb727a6a2,2024-05-30T09:15:10.453000 +CVE-2024-4426,0,0,fcdabd2a44cd47a056797b86f61b706edababe03d7e01f46cb584c5d92b373a2,2024-05-30T09:15:10.230000 +CVE-2024-4427,0,1,b24dcf472d949ad92d547910b797fae1140147d6a78b3842e040b04dcfe02d40,2024-05-30T09:15:10.453000 CVE-2024-4429,0,0,c2c646b9e15928853bc45aa0c15bbb4594d023a25cef856d5c18ec0fc8bd1d8f,2024-05-28T17:11:55.903000 CVE-2024-4430,0,0,2977ce5eb55d4b32781acd64cf46e940cc709041a97d7f6a7071a523a104ede8,2024-05-14T16:11:39.510000 CVE-2024-4431,0,0,ac230214291f155ef417504dc1776264b583b1a9c2c18f1ea02407d51c3acd6f,2024-05-24T01:15:30.977000 
@@ -251704,6 +251705,7 @@ CVE-2024-4654,0,0,79c00c0975ddb372bdc6401f0d780fdd389e77368b958736ad029c8bb8c90c CVE-2024-4656,0,0,23093c7ec18a8f42da4c8fc1c86b9aa6984d979cf63954576e1d332548405180,2024-05-15T16:40:19.330000 CVE-2024-4662,0,0,271820e0248036cdcfeea2da470b958f93caba3600263b2df375c674d931507f,2024-05-24T01:15:30.977000 CVE-2024-4666,0,0,dde8d66c76bdf850b898b9f95df0d92f0ac3da730c1f32826d61843a6ef06bf5,2024-05-15T16:40:19.330000 +CVE-2024-4668,1,1,1a6133fbf8e2b8f25d9bc2a9a22d569b4e3e3c94cbb500fc65282177e0462add,2024-05-30T10:15:10.180000 CVE-2024-4670,0,0,438b57b9006ea70a278767dc5849ca5e16eeaf7f43c9f1acf2c1dcf72f3e2983,2024-05-15T16:40:19.330000 CVE-2024-4671,0,0,911983d752f60a8558bde05d718b618b7e43132134b2e0d17f9ccefbfadcbebf,2024-05-16T20:27:10.670000 CVE-2024-4672,0,0,c471dbfc1b0841d64dcc099aa43b51219c9984a8f5787ce700ee05c1f63d9961,2024-05-17T02:40:31.847000 @@ -252035,6 +252037,7 @@ CVE-2024-5312,0,0,082c9ac2393cf8e57fdd7df5653c9ea7402a5c66b3a64380a6e8455af1865a CVE-2024-5314,0,0,a78e716fa392b8cb9869f7797ea197c1011e46ba4bc9c8c5da0073e7e12b93dd,2024-05-24T13:03:05.093000 CVE-2024-5315,0,0,17a737dcad42e55d9b51354513bcf6a79d52e58b0565b3a7bb2bcb2078a35d4b,2024-05-24T13:03:05.093000 CVE-2024-5318,0,0,23557c413419809da6545b8c1445586f3837718f3430ace9eed52e7e734c5a9b,2024-05-24T18:09:20.027000 +CVE-2024-5326,1,1,d90b791e097e13f323e766827d1e97683942ce06e790d34f9150e110bd7bc6fb,2024-05-30T11:15:30.970000 CVE-2024-5327,0,0,00d56bc9d4ad85aecc0ab640e3a0c1afad43fc63f05e8690a0f43c9e0f453796,2024-05-30T07:15:40.407000 CVE-2024-5336,0,0,c2865217e75958fb009c852cd174a4631a299d08f765ad6d61b3f77297c545fa,2024-05-28T12:39:42.673000 CVE-2024-5337,0,0,f2b800f7e84a00dbe58660ee27a5a6405784fadf3fae9f57a88589dda95cf166,2024-05-28T12:39:42.673000